Table of Contents
This article will show you how to run a Teamspeak 3 server under Debian Wheezy. Before you can start with it, you should do some preparation on your VPS.
If you already have a firewall in place, make sure that traffic to the Teamspeak server is allowed by adding the following rules:
iptables -A INPUT -p udp --dport 9987 -j ACCEPT iptables -A INPUT -p udp --sport 9987 -j ACCEPT iptables -A INPUT -p tcp --dport 30033 -j ACCEPT iptables -A INPUT -p tcp --sport 30033 -j ACCEPT iptables -A INPUT -p tcp --dport 10011 -j ACCEPT iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
Otherwise, here is a basic list of rules that allows SSH and ICMP traffic (as well as traffic for Teamspeak of course) and drops everything else, IPv4 and IPv6:
iptables -A INPUT -i lo -j ACCEPT # Since a lot of interprocess-communication goes over the loopback-interface you should allow it to avoid very, very weird and difficult problems iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept packets that respond to outgoing requests iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p udp --dport 9987 -j ACCEPT iptables -A INPUT -p tcp --dport 30033 -j ACCEPT iptables -A INPUT -p tcp --dport 10011 -j ACCEPT iptables -P INPUT DROP # DROP everything else ip6tables -A INPUT -i lo -j ACCEPT ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ip6tables -A INPUT -p icmpv6 -j ACCEPT ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT ip6tables -A INPUT -p udp --dport 9987 -j ACCEPT ip6tables -A INPUT -p tcp --dport 30033 -j ACCEPT ip6tables -A INPUT -p tcp --dport 10011 -j ACCEPT ip6tables -P INPUT DROP
After spinning up your server, login as root. While permanently working as root is generally frowned upon by the internet community, it also has serious implications for the security of your server. According to the Internet Storm Center 90% of all brute-force attacks on SSH are targeting the root-account. There are hundreds if not thousands of automated scans out there trying to break into servers with weak administrative passwords – so it’s definitely a good idea to use a separate user in combination with sudo.
First, add another user and give it a strong password:
useradd -m -s /bin/bash yourusername passwd yourusername
/etc/sudoers to allow yourself to use it:
yourusername ALL=(ALL:ALL) ALL
Then, logout and log back into the machine with your new user. You can then disable root login in
PermitRootLogin no AllowUsers yourusername
https://www.itweb.services/tutorials/linux-guides/how-do-i-generate-ssh-keys”>this tutorial. Congratulations, you saved yourself from over 90% of attackers out there. Now, onto installing the Teamspeak server.
It is bad practice to run a service as root, so create a user solely for Teamspeak:
sudo useradd -m -s /bin/bash teamspeak
Afterwards, log into that user account and switch to the home directory:
sudo su teamspeak cd
Download Teamspeak. Depending on your architecture, you will need either the x64 version:
Or the x86 version:
Unpack the downloaded archive:
tar -xzvf *.tar.gz && rm *.tar.gz
Now, you have a folder named teamspeak3-server_linux-amd64 with some scripts in it. Switch back to your normal user:
Setup a script to automatically start your server after a reboot. This script also easily stops or restarts the Teamspeak service. Paste the following into /etc/init.d/teamspeak:
#!/bin/sh ### BEGIN INIT INFO # Provides: teamspeak # Required-Start: $local_fs $network # Required-Stop: $local_fs $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Description: Teamspeak 3 Server ### END INIT INFO USER="teamspeak" DIR="/home/teamspeak/teamspeak3-server_linux-amd64" ###### Teamspeak 3 server start/stop script ###### case "$1" in start) su $USER -c "$DIR/ts3server_startscript.sh start" ;; stop) su $USER -c "$DIR/ts3server_startscript.sh stop" ;; restart) su $USER -c "$DIR/ts3server_startscript.sh restart" ;; status) su $USER -c "$DIR/ts3server_startscript.sh status" ;; *) echo "Usage: " >&2 exit 1 ;; esac exit 0
Make that file executable:
sudo chmod 700 /etc/init.d/teamspeak
Now, make Teamspeak start at boot:
sudo update-rc.d teamspeak defaults
All that’s left is to start the service:
sudo service teamspeak start
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!